darkreading

A convincing presale site for phony "Google Coin" features an AI assistant that engages victims with a slick sales pitch, funneling payment to attackers.

CVE-2026-2329 allows unauthenticated root-level access to SMB phone infrastructure, so attackers can intercept calls, commit toll fraud, and impersonate users.

How I realized what I was taught about threat intelligence was missing something crucial.

A China-related attacker has exploited the vendor flaw since mid-2024, allowing it to move laterally, maintain persistent access, and deploy malware.

Discover a strategic approach to govern scraping risks, balance security with business growth, and safeguard intellectual capital from automated data harvesting.

After detecting a zero-day attack, the country's effective response was attributed to the tight relationship between its government and private industry.

Keenadu downloads payloads that hijack browser searches, commit ad fraud, and execute other actions without user knowledge.

Russia-aligned groups are probable culprits behind the wiper attacks against renewable energy farms, a manufacturer, and a heating and power plant.

Remote monitoring and management (RMM) software offers hackers multiple benefits, including stealth, persistence, and operational efficiency.

ClickFix campaigns have adapted to the latest defenses with a new technique to trick users into infecting their own machines with malware.

The GS7 cyber-threat group targets US financial institutions with near-perfect imitations of corporate portals to steal credentials and gain remote access.

30 copycat apps tricked users, and Google itself, into thinking they're legitimate AI tools.

Zscaler's acquisition of SquareX comes as competitors like CrowdStrike and Palo Alto Networks also invest in secure browser technologies.

Threat actors are exploiting security gaps to weaponize Windows drivers and terminate security processes in targeted networks, and there may be no easy fixes in sight.

Espionage groups from China, Russia and other nations burned at least two dozen zero-days in edge devices in attempts to infiltrate defense contractors' networks.

As AI deployments scale and start to include packs of agents autonomously working in concert, organizations face a naturally amplified attack surface.

It's time to phase out the "patch and pray" approach, eliminate needless public interfaces, and enforce authentication controls, one expert says.

The AI-powered product delivers expert-grade malware analysis and reverse engineering in minutes.

Drawing on years of adversary tradecraft, SpecterOps experts work alongside customers to analyze and eliminate attack paths, protect critical assets, and stay ahead of emerging threats.

Men should take extra care on Valentine’s Day because they are nearly twice as likely as women to fall victim to romance scams.